CVE-2006-5795

Name of the Vulnerable Software and Affected Versions: OpenEMR versions 2.8.1 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to various PHP files, including (a) billing process.php, (b) billing report.php, (c) billing report xml.php, and (d) print billing report.php in interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main info.php and (i) main.php in interface/main/; (j) interface/new/new patient save.php; (k) interface/practice/ins search.php; (l) interface/logout.php; (m) custom report range.php, (n) players report.php, and (o) front receipts report.php in interface/reports/; (p) facility admin.php, (q) usergroup admin.php, and (r) user info.php in interface/usergroup/; or (s) custom/import xml.php. This can occur when register globals is enabled.

Recommendations: For OpenEMR versions 2.8.1 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, as a temporary workaround, restrict access to the vulnerable PHP files, such as billing process.php, billing report.php, login.php, and others, until a patch is available. Avoid using the srcdir parameter in the affected PHP files until the issue is resolved.